Stories

CVE-2013-2275

919785:
CVE-2013-2275 Puppet: default auth.conf allows authenticated node to submit a report for any other node

Details

The MITRE CVE dictionary describes this issue as:

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.